25 Practical examples of the find command

GNU/Linux

find is a utility that allows to search files (regular file, directory, symbolic link…) through a hierarchy of directories, it is powerful and feature-rich.

The find command allows you to find files by:

  • Name (match with a text or regular expression)
  • Symbolic links
  • Dates
  • Size
  • Type: regular file, directory, symbolic link, socket,…
  • User and group
  • Access permission
  • Number of directory level
  • Or some combination of the above

Once we found what we are looking for we can:

  • View or edit
  • Store
  • Delete / rename
  • Change permissions
  • Grouping and more

In this article we will show how to use find through examples

Basic search

1. Find all regular files

$ find Symfony -type f
Symfony/web/.htaccess
Symfony/web/app.php
Symfony/web/app_dev.php
Symfony/web/robots.txt
...

2. Find all directories

$ find Symfony -type d
Symfony/
Symfony/web
Symfony/web/bundles
Symfony/web/bundles/webprofiler
...

3. Search based on the name of the files or directories

$ find Symfony -name '*config*';
Symfony/app/config
Symfony/app/config/config_prod.yml
Symfony/app/config/config.yml
...

4. Search based on the name (case insensitivity)

$ find Symfony -iname '*config*';
...
Symfony/.../Loader/ConfigurationLoader.php
Symfony/.../ConfigurationResource.php
...
Symfony/app/config
Symfony/app/config/config_prod.yml
Symfony/app/config/config.yml
...


Search based on the size of the files

5. Find all files with size equal to 300MB

$ find . -size 300M

6. Find files with size greater than 300MB

$ find . -size +300M

7. Find files with size less than 300MB

$ find . -size -300M

8. Find all files with size greater or equal to 270MB and less than 300MB

$ find . -size +270M -size -300M

9. Find empty directories and files

$ find . -empty


Search based on dates

GNU/Linux stores the last date of the following operations:

Operation Meaning find option
access when it reads the contents of a file -atime,-amin
modification changing the contents of a file -mtime,-mmin
change of status modifies the file name or its attributes (perms, owner, …) -ctime,-cmin

To know the above dates use the stat command, for example:

$ stat index.php
...
Access: 2016-06-02 22:53:22.813885684 -0500
Modify: 2016-05-08 12:12:12.971073193 -0500
Change: 2016-05-08 12:12:12.971073193 -0500

10. Find the files that were accessed less than 15 days ago

$ find . -atime -15

11. Find the files that were modified over 7 days ago

$ find . -mtime +7

12. Find the files which change its status in a period between 2 and 6 minutes ago

$ find . -cmin +2 -cmin -6


Search based on owner and group

13. Find files whose owner is sedlav

$ find . -user sedlav -type f

14. Find the files that belong to the group flossblog

$ find . -group flossblog -type f

find allows you to find files using the numeric identifier of the owner and group, the advantage of using this method is that it allows you to specify ranges.

15. Find files whose owner has a uid between 500 and 1000 (excluding 500 and 1000)

$ find . -uid +500 -uid -1000 -type f

Sometimes it is necessary to find all the orphaned files for example if we have evidence of some unusual behavior from our server or workstation can start finding all the files that do not belong to any user or group

16. Find the files that do not belong to any user

$ find . -nouser

17. Find the files that do not belong to any group

$ find . -nogroup

Search based on the permissions of the files

find allows you to find files for which the current user has read permissions (-readable), writing (-writeable) and execution (-executable) or files that have a certain mode

18. Find all files that can be read by the current user

$ find . -readable

19. Find all files that can be modified by the current user

$ find . -writable

20. Find all files that the current user can execute

$ find . -executable

Find files that have a certain mode

-perm PMODE

  • PMODE may be octal or symbolic
  • PMODE can be prefixed with: / or
  • If PMODE is not prefixed with / or then the permissions on the file should be exactly match PMODE
  • If PMODE is prefixed with then will match if the permissions of the file contains PMODE
  • If PMODE is prefixed with with / then will match if any of the bits set to PMODE are present in the file permissions (Symbolic is not allowed)
Perm Octal Symbolic
Read 4 r
Write 2 w
Execute 1 x

Examples:

21. Find all files whose owner and group have read and write permissions and and the rest of the world read permission
$ find -perm 664
22. Find all files whose owner and group have permissions for reading and writing, and the rest of the world read permission

Note before the mode, therefore here also match the files that have the following permissions: 777, 666, 776

$ find . -perm -664
23. Find all the files that can be modified by any user
$ find . -perm /222

Advanced search

24. Search based on regular expressions down one level

Find all directories under project DIR down to a single-level (non-recursive search), that are not empty, not ending in a digit, old backups, bkp or contain the words backup, copy, new back followed by a hyphen, underscore or dot.

$ PATTERN='.*/((.*([0-9]|old|ba?c?ku?ps?))|(..*)|(copy|new|backup|back|)[-_.].*)

25. Combining find, xargs and grep

This is one of my favourite combinations due I can perform a lot of custom searches. For example, if I want to search the word ireg in all php files of my project then I would do:
$ find project -name '*.php' -type f -print0 | xargs -0 grep -l ireg

Further reading

  • man find
  • info find

;
$ find project -maxdepth 1 -mindepth 1 -regextype posix-egrep ! -iregex $PATTERN ! -empty -type d

25. Combining find, xargs and grep

This is one of my favourite combinations due I can perform a lot of custom searches. For example, if I want to search the word ireg in all php files of my project then I would do:


Further reading

  • man find
  • info find

YouTube video

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.